Pages: 1
RSS
Can backup copy of mailbox be edited? Original mails inside it substituted by fake ones? Texts edited? Non existing mails inserted?, I need to determine if it's real copy of all data from original mailbox or it's fake?
 
Hello guys,
I have very important question. I got backup copy (*.tbb files) of somebody's mailbox.
I need to determine if it's real copy of all data from original mailbox or it's fake? The global question is "Can  backup copy of mailbox be  real evidence?"
That 's why I ask you following questions:
1) Can backup copy of mailbox be edited by some hackers? Original mails inside it substituted by fake ones? Texts edited? Non existing mails inserted?
2) How it can be done? Is it easy? Are there some editors?
 
.tbb Is The Bat's regular mailbox file format. I just gave it a try, and I could easily change the sender-name of a message in my .tbb file using a generic hexadecimal editor. So, it looks like the file is not protected against tampering. Inserting or substituting messages is probably not difficult either, but I haven't tried that.
 
But what about DKIM signature in the received mail (by gmail server for example)?
Does it guarantee the given mail was not tampered?
 
Quote
Gregory Levit wrote:
But what about DKIM signature in the received mail (by gmail server for example)?
Does it guarantee the given mail was not tampered?

Yes. a DKIM signature can certify the contents and originating server of an e-mail.

But that has nothing to do with The Bat, and you cannot use The Bat (or anything else) to fake DKIM signatures.
Edited: Daniel van Rooijen - 27 July 2017 11:23:21
 
If you use Voyager or The Bat Pro then use on-the-fly encryption, then the file is not plain text.

Even plain text would be problematic for 'normal people' to edit on the fly - the index file would be corrupted requiring rebuilding.
Pages: 1